CVE-2021-33205
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials.
Western Digital EdgeRover versiones anteriores a 0.25, presenta una vulnerabilidad de escalada de privilegios en la que un usuario poco privilegiado podría cargar contenido malicioso en directorios con privilegios más altos, debido a cómo Node.js es usado. Un atacante puede alcanzar privilegios de administrador y llevar a cabo actividades maliciosas como crear una biblioteca falsa y robar credenciales de usuario
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-19 CVE Reserved
- 2021-06-11 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.westerndigital.com/support/productsecurity/wdc-21007-edgerover-windows-app-ver-0-25 | 2022-07-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Westerndigital Search vendor "Westerndigital" | Edgerover Search vendor "Westerndigital" for product "Edgerover" | < 0.25 Search vendor "Westerndigital" for product "Edgerover" and version " < 0.25" | windows |
Affected
|